The Opensea platform, one of the most popular marketplaces for non-fungible token (NFT) trading on the Ethereum network, is investigating the theft of assets from its users. From what is known so far, a hacker would have deceived dozens of people through emails with malicious links.
According to the Twitter account @tucanalcrypto, the attacker would have sent an email to thousands of Opensea users using the domain firstname.lastname@example.org, very similar to the official one used by the platform. In this way, he would have tricked them into signing a malicious contract, an action supposedly necessary to avoid the suspension of “unverified accounts”.
Devin Finzer, one of the co-founders and current CEO of the platform, confirmed the news at midnight on Saturday. Through a post on Twitter, he assured that “so far, we believe this is a phishing attack.” Along these lines, he ruled out that the problem has to do with the Opensea site, but that apparently 32 users signed a malicious contract with the attacker, which allowed him to take over their NFT collections and steal them.
In the continuation of that thread, Finzer explained that the attacker’s account had been inactive for at least two hours and even some of the NFTs were returned to their owners. “The rumors about a $200 million hack are false. The attacker has $1.7 million ETH in his wallet after selling some of the stolen NFTs,” he added.
Upon entering what would be the attacker’s wallet, you can see an alert message about his possible relationship with the event. Additionally, many in and out movements across various tokens can be observed on the morning of Sunday, February 20.
At the time of writing this note, his balance was 3.01 ether (ETH), that is, approximately USD 8,060 according to the current price of the cryptocurrency.